| SOV-1 Strategic Sovereignty | SEAL-0 | |
| SOV-2 Legal & Jurisdictional Sovereignty | SEAL-1 | |
| SOV-3 Data & AI Sovereignty | SEAL-0 | |
| SOV-4 Operational Sovereignty | SEAL-0 | |
| SOV-5 Supply Chain Sovereignty | SEAL-1 | |
| SOV-6 Technology Sovereignty | SEAL-0 | |
| SOV-7 Security & Compliance Sovereignty | SEAL-1 | |
| SOV-8 Environmental Sustainability | SEAL-1 |
| ID | Factor | Value | Score | SEAL | Conf. | Justification |
|---|---|---|---|---|---|---|
| SOV-1.1 | EU/EEA legal entity control | 1. Entirely outside the EU | 0/125 | SEAL-1 | high | Render Services, Inc. is incorporated and headquartered in San Francisco, USA; no EU legal entity controls the company (src: https://render.com/terms). |
| SOV-1.2 | Change of control risk | 3. Somewhat likely takeover/transfer to non-EU sovereign entity | 63/125 | SEAL-4 | low | VC-backed US startup ($258M raised, ~$1.5B valuation); acquisition by a non-EU entity is a realistic exit path but not imminent. |
| SOV-1.3 | Control over roadmap | 2. Through 'voice of the customer' public channels | 42/125 | SEAL-2 | medium | Roadmap is controlled by the US company; EU customers can only influence via public feature-request/feedback channels, no governance body. |
| SOV-1.4 | Financial independence from non-EU capital | 1. Almost entirely relying on non-EU funding | 0/125 | SEAL-4 | high | Funding is almost entirely non-EU US venture capital (General Catalyst, Bessemer, Georgian, Addition, 01A, South Park Commons). |
| SOV-1.5 | EU economic contribution | 1. Minimal | 0/125 | SEAL-4 | medium | US-based company with US workforce and US ownership; EU economic contribution is minimal beyond reselling AWS Frankfurt capacity. |
| SOV-1.6 | Participation in EU strategic programs | 1. No clear participation | 0/125 | SEAL-4 | high | No evidence of participation in Gaia-X, IPCEI-CIS or any EU strategic program. |
| SOV-1.7 | Alignment with EU industrial strategies | 1. No evidence exists | 0/125 | SEAL-4 | medium | No evidence of alignment with EU industrial strategies; positioning is global/US developer market. |
| SOV-1.8 | Resilience to cut-off | 2. Service would stop, with delay for customer reaction | 31/125 | SEAL-0 | medium | No own_stack: PaaS on non-EU hyperscalers (AWS/GCP); a US cut-off or AWS withdrawal halts the service, leaving only a migration window -> SOV-1.8 opt2 (seal 0). |
| ID | Factor | Value | Score | SEAL | Conf. | Justification |
|---|---|---|---|---|---|---|
| SOV-2.1 | Primary legal jurisdiction | 1. Non-EU only | 0/167 | SEAL-1 | high | Terms of service are governed by US (California, San Francisco courts) law; the contracting entity is US, not subject to exclusive EU jurisdiction (src: https://render.com/terms). |
| SOV-2.2 | Extraterritorial laws exposure | 2. Mitigation clauses, exposure remains | 42/167 | SEAL-1 | high | consistency (cluster norm 2.2=opt2): US-incorporated, no EU trustee/shielding structure; GDPR DPA/SCC mitigation clauses exist but residual exposure to US CLOUD Act/FISA remains -> opt2 (seal 1) (src: https://render.com/dpa). |
| SOV-2.3 | Data access pathways for non-EU authorities | 2. Can compel access without notification, specific cases | 42/167 | SEAL-1 | high | consistency (cluster norm 2.3=opt2): US-incorporated (no immunity) -> subject to US CLOUD Act/FISA, can be compelled to grant access including EU-region data without notification in specific national-security cases (gag orders) -> opt2 (seal 1). |
| SOV-2.4 | Export control restrictions | 2. Restrictions towards EU citizens or international orgs | 42/167 | SEAL-1 | low | consistency (cluster norm 2.4=opt2): US export-control regimes (EAR/OFAC) apply; no EU-MS shielding and no >50% EU revenue dominance -> opt2 (seal 1). |
| SOV-2.5 | Origin of IP | 1. Entirely outside the EU | 0/167 | SEAL-4 | high | The platform IP (orchestration, control plane) is developed and owned by the US company; effectively entirely outside the EU. |
| SOV-2.6 | IP holder jurisdiction | 1. Non-EU law, single country | 0/167 | SEAL-3 | high | IP is held by the US parent under US (single-country) law. |
| ID | Factor | Value | Score | SEAL | Conf. | Justification |
|---|---|---|---|---|---|---|
| SOV-3.1 | Customer control over encryption keys | 1. Provider only | 0/200 | SEAL-0 | medium | Render manages encryption at rest using underlying cloud provider keys; no customer-managed/BYOK key control is offered, so the provider holds the keys. |
| SOV-3.2 | Transparent data flows & access logs | 2. Basic incomplete logs | 50/200 | SEAL-1 | low | Render provides service/audit logs but not comprehensive real-time customer-controlled data-access logs of provider/sub-processor access. |
| SOV-3.3 | Secure deletion & proof of erasure | 3. Internal validation per policy, no proof | 100/200 | SEAL-1 | low | consistency (cluster norm 3.3=opt3): deletion follows documented internal policy/DPA commitments with no independently verified cryptographic proof-of-erasure -> opt3 (internal validation per policy, seal 1). |
| SOV-3.4 | Data location strictly in EU/EEA | 2. Partly EU, significant third-country reliance | 50/200 | SEAL-0 | medium | No eu_exclusive: Frankfurt is one of several regions (Oregon/Ohio/Virginia/Singapore), no contractual EU-only guarantee, US-operated control plane processes globally -> global-default product, significant third-country reliance, SOV-3.4 opt2 (seal 0) (src: https://render.com/docs/regions). |
| SOV-3.5 | AI services sovereignty | 3. Mixed: auditable/open-source AI, foreign chips | 100/200 | SEAL-2 | low | consistency (cluster norm: no in-scope first-party AI service, like Platform.sh): Render offers no AI/ML service; any inference runs on foreign accelerators in the underlying hyperscalers -> opt3 (mixed/foreign chips, seal 2). |
| ID | Factor | Value | Score | SEAL | Conf. | Justification |
|---|---|---|---|---|---|---|
| SOV-4.1 | Portability & interoperability | 3. Standard documented data export methods | 84/167 | SEAL-4 | medium | Render uses standard Docker/container runtimes and documented data export; portability is feasible but no formal migration service to sovereign infra. |
| SOV-4.2 | Ability to operate without foreign dependencies | 1. Critical ops delivered by non-EU teams | 0/167 | SEAL-1 | high | Critical platform engineering and operations are run by the US-based team; the EU region depends on AWS plus US operators. |
| SOV-4.3 | Skill availability in the EU | 1. Global team, mainly non-EU | 0/167 | SEAL-1 | medium | Engineering/SRE staff are predominantly US-based; no indication of a dedicated EU operations workforce. |
| SOV-4.4 | Support channels | 1. Global, majority outside EU | 0/167 | SEAL-1 | medium | Support is global and US-centered (San Francisco HQ); no EU-based support guarantee. |
| SOV-4.5 | Documentation & knowledge transfer | 1. Global/non-EU exposure | 0/167 | SEAL-0 | low | No eu_ops: documentation and knowledge bases are global/US-hosted with no EU-only repository enforcement -> SOV-4.5 opt1 (seal 0). |
| SOV-4.6 | Subcontractor & supplier jurisdiction | 2. Service would stop with delay | 42/167 | SEAL-2 | medium | Critical dependency on AWS (EU) and GCP (US) sub-processors; loss of these would stop the service after a migration delay. |
| ID | Factor | Value | Score | SEAL | Conf. | Justification |
|---|---|---|---|---|---|---|
| SOV-5.1 | Origin of components (physical parts) | 1. No disclosure | 0/143 | SEAL-1 | medium | Render owns no hardware; physical components belong to AWS/GCP and are not disclosed to Render's customers as a bill of materials. |
| SOV-5.2 | Manufacturing location | 1. Fully foreign, black box | 0/143 | SEAL-1 | medium | Underlying servers are manufactured/operated by US hyperscalers (foreign, black box from Render's perspective). |
| SOV-5.3 | Embedded code/firmware provenance | 1. No disclosure | 0/143 | SEAL-4 | low | Firmware/embedded code of the underlying hardware (hyperscaler-controlled) is not disclosed. |
| SOV-5.4 | Origin of software | 2. Foreign origin, partial disclosure | 36/143 | SEAL-2 | medium | foreign_core: control-plane software is proprietary US-developed (open-source components, partial disclosure), maintained outside the EU -> SOV-5.4 opt2 (seal 2). |
| SOV-5.5 | Software build/release jurisdiction | 1. Non-EU control & execution | 0/143 | SEAL-1 | medium | Software build and release pipeline is controlled and executed by the US company, not in the EU. |
| SOV-5.6 | Single point of dependency | 1. Only non-EU vendors/facilities | 0/143 | SEAL-1 | high | Single point of dependency on non-EU vendors (AWS, GCP) and the US parent for the entire platform. |
| SOV-5.7 | Supply chain transparency | 2. Some suppliers auditable | 36/143 | SEAL-1 | low | Some transparency via SOC 2/ISO 27001 sub-processor lists, but the full supply chain is not customer-auditable. |
| ID | Factor | Value | Score | SEAL | Conf. | Justification |
|---|---|---|---|---|---|---|
| SOV-6.1 | Interoperability & open interfaces | 3. Mixed (partial openness) | 100/200 | SEAL-2 | medium | Render exposes REST APIs, standard Git/Docker workflows and Blueprint specs, mixing open practices with proprietary platform constructs. |
| SOV-6.2 | Open standards compliance | 3. Partial core adoption | 100/200 | SEAL-2 | medium | Partial adoption of open standards (Docker, OCI containers, standard protocols) but no policy mandating open standards across all core services. |
| SOV-6.3 | Open source availability | 1. Fully closed-source, vendor-controlled | 0/200 | SEAL-2 | medium | Render's platform/control plane is closed-source and vendor-controlled; it consumes open source but the product itself is not open. |
| SOV-6.4 | Service architecture transparency | 3. Some public insight | 100/200 | SEAL-3 | low | Some public architecture insight via docs and engineering blog, but no deep architecture transparency or customer co-design. |
| SOV-6.5 | HPC sovereignty | 1. Imported black-box HPC | 0/200 | SEAL-0 | low | No EU HPC; any high-performance/GPU compute relies on imported black-box hyperscaler hardware. |
| ID | Factor | Value | Score | SEAL | Conf. | Justification |
|---|---|---|---|---|---|---|
| SOV-7.1 | Security certification (EAL) | 3. EAL2 | 72/143 | SEAL-2 | high | certs: ISO 27001:2022 + SOC 2 Type II (no C5/ENS/SecNumCloud/EUCS/Common Criteria EAL); per key ISO 27001 + SOC 2 maps to opt3 (EAL2-equiv, seal 2) (src: https://render.com/docs/certifications-compliance). |
| SOV-7.2 | EU regulatory compliance (GDPR/NIS2/DORA) | 4. Partial compliance to most | 107/143 | SEAL-4 | medium | GDPR DPA offered and SOC 2/ISO 27001 audited, but no demonstrated NIS2/DORA compliance; partial compliance to most relevant regimes (src: https://render.com/docs/certifications-compliance). |
| SOV-7.3 | EU-based SOC & incident handling | 1. SOC/IR outside EU | 0/143 | SEAL-1 | low | consistency (US-centric cluster norm): security operations and incident response are run by the US-based team with no dedicated EU SOC -> opt1 (SOC outside EU, seal 1). |
| SOV-7.4 | Control over security monitoring/logging | 3. Basic monitoring portal | 72/143 | SEAL-1 | low | consistency (cluster norm 7.4=opt3): customers get a logs/metrics monitoring portal, but provider retains primary control and no guarantee of EU-stored immutable logs -> opt3 (basic monitoring portal, seal 1). |
| SOV-7.5 | Disclosure of incidents | 3. Moderate (GDPR/NIS2-aligned) | 72/143 | SEAL-2 | medium | Incident disclosure via GDPR DPA breach-notification commitments; GDPR-aligned but no real-time CSIRT/ENISA sharing. |
| SOV-7.6 | Maintenance autonomy | 3. Moderate autonomy (notice + testing, except zero-day) | 72/143 | SEAL-4 | low | Render performs platform maintenance with customer notice; managed PaaS gives moderate autonomy with scheduled/notified maintenance. |
| SOV-7.7 | Auditability | 2. Limited independent access | 36/143 | SEAL-1 | medium | No audit_rights: independent assurance limited to third-party SOC 2/ISO audits and shared reports; no full audit by the contracting authority or independent EU body -> SOV-7.7 opt2 (seal 1). |
| ID | Factor | Value | Score | SEAL | Conf. | Justification |
|---|---|---|---|---|---|---|
| SOV-8.1 | Energy efficiency (PUE) | 3. PUE < 1.5 + roadmap | 125/250 | SEAL-4 | low | Runs on AWS/GCP data centers which publish PUE around 1.1-1.2 with efficiency roadmaps; Render inherits hyperscaler efficiency but publishes none itself -> opt3 (PUE<1.5 + roadmap) (src: https://www.google.com/about/datacenters/efficiency/). |
| SOV-8.2 | Hardware reuse & recycling | 3. Documented program | 125/250 | SEAL-3 | low | Underlying AWS/GCP facilities have documented hardware reuse/recycling programs; Render itself owns no hardware -> opt3 (documented program) (src: https://sustainability.aboutamazon.com/products-services/aws-cloud). |
| SOV-8.3 | Environmental impact reporting | 2. Basic reporting | 63/250 | SEAL-1 | low | Render does not publish its own environmental report; only basic inherited reporting via hyperscaler sustainability disclosures -> opt2 (basic reporting, seal 1). |
| SOV-8.4 | Energy supplies | 3. Mix of EU and non-EU supplies | 125/250 | SEAL-4 | low | AWS Frankfurt and GCP use a mix of renewable and grid energy with renewable matching; energy supply is a mix of EU and non-EU sources (src: https://www.google.com/about/datacenters/cleanenergy/). |